In order to examine the issues associated with security in a converged environment, we need to establish a common knowledge base of components and building blocks. To properly build, maintain, and secure a network, you first have to know what a network really is and how information travels along through a network. Once you have learned some of the major components of networks and TCP/IP, you have the necessary background to examine the more critical issues of security in a converged environment.

To examine the issues associated with security in a converged environment, we
need to establish a common knowledge base of components and building blocks. To
properly build, maintain, and secure a network you first have to know what a
network really is, and how information travels along through a network. Although
you will find this chapter to be a useful, high-level overview, if you have a
Cisco Certified Internetwork Expert certification (CCIE) or years of networking
background, you may want to skim this chapter.

What Is a Network?

Well, that depends on whom you ask. A person with a strong telecommunications
background will most likely tell you a network consists of PBXs, tie trunks,
adjunct systems, PRI lines, T1s, handsets, and miles of fiber and copper cable.
A person with a strong data background will probably tell you a network is made
up of workstations, servers, routers, WAN connections, hubs, switches, and miles
of fiber and copper cable. While both parties can agree that cabling is an
integral part of the network, that's where the agreement will most likely
end. In essence, both the telco and data people are right; however, for the
purposes of this discussion, this chapter concentrates on data networks.

In its simplest form, a data network is a means to connect two or more
computer systems for the purposes of sharing information. Networks come in all
shapes and sizes: from two home PCs connected with a single cable to the
colossal Internet, spanning the globe and connecting millions of distributed
systems. Despite the extreme differences between various network installations,
you can generally define a given network in terms of its architecture, topology,
and protocol.

Network Architectures

Traditionally, network architectures are divided into two types: local
area networks (LANs) and wide area networks (WANs). LANs consist of two or more
systems typically in the same geographic area connected with fiber or copper
cabling and a network infrastructure consisting of switches and hubs. All
personal networks and the vast majority of office networks fall into the LAN
category. WANs consist of two or more systems in geographically separated areas
connected with any of a variety of methods such as leased lines, radio waves,
satellite relays, microwaves, or even dial-up connections. The Internet is by
far the largest WAN in existence. With the advent of wireless networking,
optical, and cellular technology, the lines between LANs and WANs sometimes
blur, merging seamlessly into a single network entity. Recently, more terms have
been added to better classify and describe network architectures:

CAN (campus area network, also referred to as a campus wide area
network)—A network connecting a number of buildings such as a
university or office complex.

Intranet—A private network belonging to an organization that
is only accessible to authorized users (typically members of that organization).
Most large corporations operate an intranet to promote information sharing and
increase productivity.

Internet—The network connecting hundreds of millions of
systems and users on a global scale.

MAN (metropolitan area network)—A network designed for a town
or a city. Typically larger than a LAN, but usually smaller than a WAN.

SAN (storage area network)—A high-speed network connecting a
variety of storage-related devices such as RAID arrays, tape systems, file
servers, and so on.

VLAN (virtual local area network)—A network allowing systems
on separate physical networks to communicate as if they were connected to the
same physical network.

Client-Server—A network where powerful, dedicated systems
called servers provide resources, files, devices, and even processing
power to individual workstations or clients.

Peer-to-peer—A network where each system has equal
capabilities or responsibilities, such as home networks.

Network Topologies

Closely related to the architecture of a network is the topology of
the network: how the network is physically arranged. Traditionally, networks are
described as being one of three major types:

Star—Network components are connected to a central point (as
seen in Figure 3.1).

Bus—Network components are connected to the same cable, often
called the bus or the backbone (as seen in Figure 3.2).

Ring—Network components are connected to each other in a closed
loop with each device directly connected to two other devices (as seen in
Figure 3.3).

Most networks use one or more of these topologies. For example, an office complex
may have a series of star topology LANs in each building connected to a larger
bus network that is connected to other buildings using a ring topology, like
that shown in Figure 3.4.

Network Protocols and the OSI Model

Another critical component of a network is the protocol, which is an
agreed upon format for exchanging or transmitting data between systems. A
protocol defines a number of agreed upon parameters such as the type of error
checking to use, the data compression method, and mechanisms for systems to
signal when they have finished either receiving or transmitting data. There are
a wide variety of protocols, each designed with certain benefits and uses in
mind. Some of the more common protocols are

AppleTalk—The communications protocol developed by Apple to
connect Macintosh computers and printers.

Asynchronous Transfer Mode (ATM)—A protocol based on
transferring data in fixed-size packets. Using fixed packet sizes allows for
high speed, equitable transfer of data, video, and voice over the same
network.

DECnet—The protocol developed by Digital Equipment
Corporation used to connect PDP and VAX systems.

Ethernet—The LAN protocol developed jointly by Xerox, DEC,
and Intel. The most widely implemented LAN standard.

Signaling System 7 (SS7)—The telecommunications protocol
developed by the International Telecommunication Union. This protocol is used
between PBXs to handle tasks such as call setup, routing, and teardown.

Systems Network Architecture (SNA)—A set of network protocols
developed by IBM, originally used to connect IBM's mainframe
systems.

Token Ring—A LAN protocol developed by IBM where systems must
possess the network token before transmitting data.

Transmission Control Protocol/Internet Protocol (TCP/IP)—The
collection of communications protocols used to connect hosts on the Internet.
TCP/IP is by far the most commonly used network protocol. The TCP and IP
protocols are both part of TCP/IP.

X.25—A protocol developed by the Comité Consultatif
International Téléphonique et Télégraphique (CCITT)
for use in packet-switched networks. The CCITT was a subgroup within the ITU
before the CCITT was disbanded in 1992.

In general, communications protocols adhere to the Open System
Interconnection (OSI) model. The OSI model, or OSI Reference Model, is an ISO
standard for worldwide communications, defining a framework for implementing
protocols in seven distinct layers. Within the seven-layer OSI model, control is
passed from one layer to another (top down) before it exits one system and
enters another system where control is passed bottom up to complete the
communications cycle. Although most protocols loosely follow the OSI model,
several protocols combine one or more layers into a single function. One of the
key benefits of the layered model is that each layer hides the detailed
functions it performs from the other layers. Additionally, each layer only has
to know how to communicate with the layer above and below it. With that in mind,
you can see from Table 3.1 that the application layer does not need to know how
to communicate directly with the physical layer. The application layer only
needs to communicate with the presentation layer.
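The top-down passing of control on the sending side and bottom-up passing on the receiving side can be simulated in a few lines. The following Python is an added illustration, not code from this chapter: each layer's wrap and unwrap function only ever sees the bytes handed to it by its neighbour, and the header formats and the transport-layer checksum are constructed for this example rather than taken from any real protocol.

```python
import struct
import zlib

# Each layer is a (name, wrap, unwrap) triple. wrap() receives the bytes handed
# down by the layer above and returns them with this layer's header prepended;
# unwrap() strips that header and hands the remainder up. Header formats are
# constructed for this example and do not correspond to any real protocol.
def _session_wrap(p):   return struct.pack("!I", 7) + p          # session id
def _session_unwrap(p): return p[4:]

def _transport_wrap(p):                                          # error check
    return struct.pack("!I", zlib.crc32(p)) + p                  # CRC over payload only
def _transport_unwrap(p):
    crc, body = struct.unpack("!I", p[:4])[0], p[4:]
    if zlib.crc32(body) != crc:
        raise ValueError("transport checksum mismatch")
    return body

def _network_wrap(p):   return bytes([10, 0, 0, 1, 10, 0, 0, 2]) + p  # src/dst address
def _network_unwrap(p): return p[8:]

def _link_wrap(p):      return struct.pack("!H", len(p)) + p     # frame length
def _link_unwrap(p):
    n = struct.unpack("!H", p[:2])[0]
    return p[2:2 + n]

LAYERS = [  # ordered top-down, as in the seven-layer OSI model
    ("application",  lambda p: p,              lambda p: p),
    ("presentation", lambda p: b"utf-8:" + p,  lambda p: p[6:]),  # encoding marker
    ("session",      _session_wrap,            _session_unwrap),
    ("transport",    _transport_wrap,          _transport_unwrap),
    ("network",      _network_wrap,            _network_unwrap),
    ("data link",    _link_wrap,               _link_unwrap),
    ("physical",     lambda p: p,              lambda p: p),      # bits on the wire
]

def send(message: str) -> bytes:
    """Sending side: control passes top-down through every layer's wrap()."""
    data = message.encode("utf-8")
    for _name, wrap, _unwrap in LAYERS:
        data = wrap(data)
    return data

def receive(wire: bytes) -> str:
    """Receiving side: control passes bottom-up through every layer's unwrap()."""
    data = wire
    for _name, _wrap, unwrap in reversed(LAYERS):
        data = unwrap(data)
    return data.decode("utf-8")
```

Because the transport layer's checksum covers only what the session layer handed it, altering a byte inside the payload is detected at the transport layer, while altering a byte of the network header below it is not: each layer checks only its own view of the data.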